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WO 01/35571 PCT/USOO/30899 
PROCESS AND STREAMING SERVER FOR ENCRYPTING A DATA STREAM 

Technical Field of the Invention 

The present invention provides a process for encrypting a data stream to secure the data 
5 stream for single viewing and to protect copyrights of the data stream. Specifically, the 
invention provides a process for protecting streaming multimedia, entertainment and 
communications in an Internet-type transmission. The invention further provides a streaming 
server component operably connected with a streaming server that interacts with a client 
system to effect the inventive process. 

10 

Background of the Invention 

The Internet has provided another means for communication whereby data can be 
streamed from a server to a client. The client is responsible for displaying the streamed data, 
preferably streamed media, to a user. The server is responsible for delivering the data stream 

15 to the client. The Real Networks and Microsoft solutions send the data stream via a UDP (a 
connectionless Internet protocol) along with another connection between the client and the 
server that controls the transmission of the streamed data. The control connection element 
functions to stop buffer overruns and can adjust the transmission of the stream to compensate 
for bandwidth latencies. One problem with this arrangement, however, is that the data that are 

20 streamed to the client from the server are unprotected and available to anyone on the network. 
Therefore, there is a need in the art to better protect from interception across a wide area 
network, such as the Internet. Specifically, the need relates to providing an ability to protect 
the improper interception and ability to copy streaming data across the Internet. At present, 
there is no protection mechanism in place to protect copyrighted data. 

25 Once the data has been release by the server and either received by the user or 

intercepted before being received by the user, there is no way to restrict the re-transmission of 
such data once it has been released over a network. Even if the data stream has been 
copyrighted, there is no means to protect or enforce copyright protection of streamed data. The 
entity owning the copyright and streaming such content realize that there is no control over 

30 what is done with such content after it is released. Therefore, there is a need in the art to 
provide a means for protecting copyrights in content once streamed over a network. The 
present invention was designed to address both needs. 

Currently, no streaming media solution actually encrypts the data that is being sent 
from the server to the client. One solution can accomplish this with existing technology, such 

35 as by merging SSL secure HTTP sockets with a streaming software package, such as 

Quicktime. Unfortunately, Quicktime does not have a full screen view option. Therefore, 
there is a need in the art to develop a better method for streaming video data. 
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Summary of the Invention 

The present invention provides a process for encrypting a data stream to secure the data 
stream to enable only single viewing, comprising: 

(a) providing a client selection for a streaming data transmission; 
5 (b) opening a connection to a streaming server and sending URI, token and user 

information to the streaming server, wherein the streaming server comprises a client data 
connection module to send data packets to a client, and encryption module to use encryption 
keys negotiated with the client to encrypt the data stream and operably connected to the client 
data connection module, and a flow control module for controlling the rate of data stream flow 
10 to maintain a full client buffer; 

(c) approving or disapproving a valid or invalid, respectively, URI and token 
combination on a transaction server, wherein the transaction server comprises a client 
interaction module for connecting a user to the transaction server component, a user 
verification module having a user database wherein the user verification module is operably 

1 5 linked to the client interaction module and checking for a valid user, and a URI and token 
creation module operably linked to the user verification module for creating new URIs and 
tokens in response to user requests; and 

(d) providing a continuously encrypted data stream to the client if a valid URI and 
token combination was found. 

20 Preferably, the streaming server component further comprises a read buffer module 

operable connected with the flow control module for reading in data from a source footage on 
storage medium. Preferably, the streaming server component further comprises a user 
interface module operably connected to the file system module or flow control module for 
setting server options. Preferably, the streaming server further comprises a client server 

25 component comprising a data stream control protocol module to create an initial connection to 
the streaming server component, a decryption module to decrypt the incoming data stream, an 
input buffer module to buffer incoming data streams, and a display control module to control 
the display of streaming data. Most preferably, the client server component further comprises 
a display module to display audio and video data. 

30 Preferably, the providing the continuously encrypted data stream step (d) further 

comprises a user interface module in the streaming server to allow for pausing, stopping, 
playing or restarting the data stream. Preferably, the transaction server is implemented with 
ASP scripts for encryption. 

The present invention further comprises a streaming server for encrypting a data stream 

35 to secure the data stream to enable only single viewing, comprising: 

(a) a streaming server component, wherein the streaming server component comprises a 
client data connection module to send data packets to a client, and encryption module to use 
encryption keys negotiated with the client to encrypt the data stream and operably connected to 
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the client data connection module, and a flow control module for controlling the rate of data 
stream flow to maintain a full client buffer; and 

(b) a transaction server component, wherein the transaction server component 
comprises a client interaction module for connecting a user to the transaction server 

5 component, a user verification module having a user database wherein the user verification 
module is operably linked to the client interaction module and checking for a valid user, and a 
URI and token creation module operably linked to the user verification module for creating 
new URIs and tokens in response to user requests. 

Preferably, the streaming server component further comprises a read buffer module 

10 operable connected with the flow control module for reading in data from a source footage on 
storage medium. Preferably, the streaming server component further comprises a user 
interface module operably connected to the file system module or flow control module for 
setting server options. Preferably, the streaming server further comprises a client server 
component comprising a data stream control protocol module to create an initial connection to 

15 the streaming server component, a decryption module to decrypt the incoming data stream, an 
input buffer module to buffer incoming data streams, and a display control module to control 
the display of streaming data. Most preferably, the client server component further comprises 
a display module to display audio and video data. 

20 Brief Description of the Drawings 

Figure 1 shows a schematic of the client component of the enabled to receive and view 
an encrypted data stream. The client component contains a token storage module 1 00, a stream 
control protocol module 120, and a decryption module 160. 

Figure 2 shows a schematic of the streaming server component having an encryption 
25 module 220 and a client control connection module for key negotiation and token verification 
200. 

Figure 3 shows a schematic of the transaction server components having a token 
creation module 330 and a user verification module 310. 

Figure 4 shows a schematic of various client scenarios showing the need for a token in 
30 order to unlock (decrypt) a data stream for viewing. 

Figure 5 shows a schematic of the process for the streaming server showing the receipt 
of a client token triggering a negotiation of encryption keys to allow viewing and receipt of a 
data stream. 

Figure 6 shows a schematic of the transaction server process providing for setting up of 
35 client accounts and token creation. 

Detailed Description of the Invention 

The present invention provides a process to encrypt a data stream, such as multimedia 
entertainment and communications, via the Internet. The encrypted data stream will allow for 
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copyrighted materials and multimedia communications (e.g., analyst meetings) on a secure, 
pay-per-view basis. The data stream cannot be stored on a client machine for future play-back, 
or re-transmitted. A client, however, can view a data stream as many times as desired within a 
specified time frame. 

5 A preferred encryption protocol provides, for example, an encryption algorithm of a 

192 bit key (e.g., Triple DES), a UDP packet protocol, a RTSP (rfc 2326) packet transmission 
protocol, an RTP (rfc 1889) packet transmission control protocol, and MPEG1 video storage 
compression. However, the foregoing example of a preferred encryption protocol will change 
as such techniques improve with time. 

10 One advantage of the inventive process, using the inventive streaming server and 

transaction server, is that the client does not really need to possess fully optimized equipment. 
Only one client will run on any one machine at any one time. The client will need to playback, 
for example, 30fps 320x240 video and audio back with no jitter. This will require a stream of 
about 250-300 kpa, a large data buffer (of at least several megabytes), and a 350 Mhz Pentium 

1 5 II processor or greater running Windows 98 or Windows NT. 

The server, for example, can be a folly optimized, multi-threaded (thread pool) 
Windows NT service. Unlike an HTTP server, this allows sessions with clients to be cached 
and the server will need to maintain state in respects to all clients. 
Definitions 

20 The following terms shall be used with the meanings defined herein. 

Client shall mean the computer that the data is being sent to. 
User shall mean the person executing instructions on the client. 
Module shall mean a collection of compiled code designed to perform a specific 
function. 

25 URJ shall mean universal resource identifier, that is, the location on the server of the 

stream. 

Token shall mean a binary piece of information that describes the permissions the user 
has for a specific stream. 

In a preferred embodiment of the inventive process and streaming server, the video 
30 will be stored unencrypted on the server machines; the files will only be retrievable through the 
server software. The inventive server will be responsible for (1) negotiating a set of encryption 
keys; and (2) encrypting the video data "on the fly" thereby making the data packets that are 
actually going over the wire useless to any computer other than the intended machine. A 
preferred encryption standard is TRIPLE-DES with a 168bit key. This form of encryption is 
35 not currently exportable outside of the US and Canada and is extremely secure. The server 
will use UDP for transmission of the data. This protocol uses considerably less network 
resources than other TCP protocols (http for example). 

Client software will be responsible for decrypting the video data and playback. The 
encryption keys used will be different every time a movie is accessed. Every time the client is 
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executed, a different encryption key is created so the client cannot play back earlier streams if 
they were somehow saved to disk. > 
Flow Charts 

With regard to Figure 1, this shows a schematic of the client component of the 

5 inventive process and streaming server enabled to receive and view an encrypted data stream. 
The client keeps a list of all current streams and the corresponding tokens. This information is 
stored on the token storage module 100. This list will consist of the following three items: (1) 
the URI, (2) the token for that URI, and (3) the expiration date given by the server. It is not 
desirable for the client to have any way of determining if the token is valid or not. Because of 

10 this, and the need to remove out of date tokens, the server returns the expiration date. This 
information is used by the client to display information. The expiration date itself never sent 
back to the server and the server verifies that the token passed is valid. Examples of module 
devices that can be used as token storage modules include, for example, Random Access 
Memory, secondary storage (hard disk), and embedded with software providing for token 

1 5 storage inventory and tracking of expiration dates. 

The client communicates with a user interface 1 1 0. The client will have a standard user 
interface that will give the appropriate user experience. The interface will have the ability to 
look through current valid streams or to connect to the server to search for other streams that 
could be viewed. The client user interface 110 communicates with a local display control 

20 module 130 and a stream control protocol module 120. The client has to be able to setup a 

communications session with the server as well as control the flow of data from the server once 
the stream is being viewed. The stream control protocol module 120 creates the initial 
connection by connecting to the server, passing the requested URI, Token, and user 
information. The stream control protocol module 120 then negotiates a set of encryption keys 

25 and controls the flow of data from the server. Examples of stream control protocol module 
devices 120 within a client component that can be used to negotiate a set of encryption keys 
and control the flow of data from a server include, for example, Random Access Memory and 
the network interface card or modem. The software that will be uploaded into this module will 
monitor the rate of the data being received by sending network statistics to the streaming 

30 server. The display control module 130 controls the display of the data, and has the ability to 
pause, stop, or re-start the video stream. Examples of display control modules suitable for use 
within the client component include, Random Access Memory and the video card. The 
software running in this module will convert the data being sent form the server into a format 
that can be displayed to the user. 

35 The display module 140 displays video and audio data. The input buffer module 150 is 

a module that contains the stream buffer. The stream buffer contains a circular buffer of 
decrypted data that the display control modules reads from and the decryption module writes 
to. Examples of stream buffer module devices that can be used to contain a circular buffer of 
decrypted data include, for example, Random Access Memory. As packets are being received 
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from the server, before the data is put into the input buffer, the data within the transport packet 
is decrypted by a decryption module 1 60 using the keys negotiated by the stream control 
protocol module 120. A decryption module is available commercially, for example SSL, DES, 
and RSA are available and suitable for use as a decryption module. Lastly on the client 

5 component sides is a data stream receive module 1 70. This module handles the reception of 
the data packets sent by the server. Appropriate module devices that can be used as a data 
stream receive module within the client component includes, for example, Random Access 
Memory. The software contained in this module will save the data being received by the client 
in a format that can be used by subsequent modules. 

10 With regard to Figure 2, the client control connection module 200 will handle control 

communications between the client and the server. The client and server will negotiate a set of 
encryption keys. The client will send user information, the URI, and the token to the streaming 
server via the client control connection module 200. From this module 200, the data that is 
streamed to the client can be controlled (that is, paused, stopped, or restarted). Hardware 

1 5 devices suitable for use as a client control connection module within the streaming server, 
include Random Access Memory. Such hardware components allow for the execution of 
hardware non-specific operations. Such software is either embedded in the client control 
connection module or uploaded therein. The software functions to create a process wherein the 
client and server communicate current network conditions and modify the data stream 

20 accordingly. 

The client data connection module 210 fiinctions to send data packets to the client using 
a connectionless protocol to reduce server overhead. Hardware devices suitable for use as a 
client data connection module within the streaming server, include Random Access Memory 
and Network Interface Cards. Such software is either embedded in the client data connection 

25 module or uploaded therein. The software functions to create a process wherein the encrypted 
data is sent via network packets to the client machine. 

The encryption module 220 uses the keys negotiated by the client/server to encrypt the 
data stream as it is being sent to the client. This allows for "on the fly" encryption and the 
encryption keys will be unique for all client/server connections. This allows the source footage 

30 to be stored unencrypted on the server. Hardware devices suitable for use as an encryption 
module within the streaming server, include Random Access Memory and proprietary 
hardware encryption devices. Such hardware components include software that functions that 
do the actual encryption of the data. Such software is either embedded in the encryption 
module or uploaded therein. The software functions to create a process wherein the data being 

35 sent to the device is encrypted with the keys originally negotiated with the client and the output 
data is of a format that can only be read after being decrypted by the client. 

The flow control module 230 makes sure that the data stream is being sent to the server 
at the rate in which the client is using the data. The buffer at the client needs to be full at all 
times but streaming data must also not be overwritten. Thus, the flow control module 
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communicates with both the encryption module 220 and uses feedback obtained from the client 
control connection module 200. Hardware devices suitable for use as a flow control module 
within the streaming server, include Random Access Memory. Such software is either 
embedded in the flow control module or uploaded therein. The software functions to create a 

5 process wherein the flow of data from the server to the client is regulated. 

The file system read buffer 240 is for server performance. Small amounts of data read 
in from the file will be stored in memory instead of having a constant open file on the file 
system. The file system module 250 is responsible for reading in data from the source footage 
on the storage medium. The file system module communicates with the client control 

10 connection module 200 to open URIs and the user interface module 260 to file path 

configurations. Hardware devices suitable for use as a file system module within the streaming 
server, include Random Access Memory. Such hardware components include software that 
functions to allow the access to data streams. Such software is either embedded in the file 
system module or uploaded therein. The software functions to create a process wherein the 

1 5 data stored on the secondary storage device can be loaded into Random Access Memory to be 
delivered to the encryption module. 

The streaming server further provides a simple user interface module 260 for setting 
server options such as which network port to bind to and the location of source footage. 
Hardware devices suitable for use as a file system module within the streaming server, include 

20 Random Access Memory. Such software is either embedded in the file system module or 
uploaded therein. The software functions to create a process wherein the user of the server 
software can tell the file system module where to go to find the data streams. 

With regard to Figure 3, the transaction server comprises four module components. To 
access a video stream, the client must first obtain a transaction token. The transaction token is 

25 based on a pay-per-view scheme in which the token will be valid for a certain time period. The 
time a token is valid for is dependent on what the user selects and what options are available 
for the selected stream. The user contacts the transaction server, via a client interaction 
module 300, with the user information and the URI. The transaction server will determine 
what time options are available for the token and present that to the user. After the user selects 

30 the required time limit, the request is passed off to the user verification module 3 1 0. Hardware 
devices suitable for use as a client interaction module within the transaction server include 
Random Access Memory. Such software is either embedded in the client interaction module 
or uploaded therein. The software functions to create a process wherein the user information is 
verified against the database and a valid token is created based upon the options requested by 

35 the user. 

The user verification module 310 checks for user information passed against a user 
database to see if the user is valid or not. The user database resides in memory of the user 
verification module. Hardware devices suitable for use as a user verification module within 
the transaction server, include Random Access Memory. Such software is either embedded in 
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the user verification module or uploaded therein. The software functions to create a process 
wherein the token passed is verified. The URI creation module 320 and the token creation 
module 330 are tied together and the token is based upon the request URI. This means that the 
token is unique to the request URI and cannot be used for any other stream. This information 

5 is then passed back to the client via module 300. Hardware devices suitable for use as a URI 
creation module and token creation module, each located within the transaction server, include 
NA. Such hardware components include software that functions to Random Access Memory. 
Such software is either embedded in the URI creation module or token creation module or 
uploaded therein. The software functions to create a process wherein a valid URI to the media 

1 0 stream the user selected is created. 

With regard to Figure 4, the client 400 executes and the client is loaded with a URI and 
a token 410. The client either double clicks on the client's icon (no) or it launched by a media 
server (yes). If the media server launched the client, there will be a request URI and token in 
the command-line parameters of the client. A display a window (420) lists all the purchased 

15 (and current) data (video) streams available to view. The user will be able to select a data 
stream to view by double clicking on the title of the stream. The screen waits for input from 
the user (430) and the user selects a data stream or another housekeeping option (440). If a 
housekeeping option was selected, execute user request (450) and go back to displaying video 
streams with module 420. 

20 If the user launches a data stream (selects yes from 410) a URI and token is saved in the 

purchased video streams list so it can be viewed again at a later time 460. A connection to the 
streaming server is opened and the URI, token and user information is sent to the streaming 
server 470. The streaming server acknowledges a valid (or invalid) URI and token 
combination 480. If the token is invalid or has expired, the server will close the connection 

25 and the client will go back and display all the data streams that are available to view. If the 
server acknowledges a valid URI and token combination, the client will start to receive data 
from the streaming server and display it 490. 

If the data stream finishes or the user selects any of the available stream options such as 
pause, stop, play, or restart 500, the stream will stop and await further user input. If the stream 

30 has finished playing 510, the process goes back to the list of available streams 420, or continue 
displaying the data stream 490 by processing a user request 520 and then going back to 
displaying the stream 490. 

With regard to Figure 5 and the process run by the streaming server, there is first a 
connection with the client control module 200, 600 to allow the client to establish a connection 

35 with the streaming server. The client will provide the URI, token and user information 610 
from user 470. The streaming server determines if the token and URI are valid 620. If the 
token is invalid or has expired, the connection to the client will be closed with an appropriate 
error message 630. If token is valid, a set of unique encryption keys will be negotiated with 
the client 640. A URI will be opened and streaming data will be read into a buffer 650. 
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The client flow control module 230, provides for the client and streaming server to 
have a flow control connection established to make sure that the data stream is leaving the 
streaming server at the same rate it is being used at the client end 660. This addresses 
bandwidth issues as well as making sure that the client play buffer is not overwritten. 

5 Therefore, the client flow control mechanism 660 uses the client flow control module 230 to 
obtain feedback from the data buffer in the client 710 and control the rate of the data stream to 
keep the client buffer as full as possible. If the client can not accept any more data at this time, 
return to flow control module so indicates 670 to slow down or pause the streaming data. If 
the client can accept more data 680, the client flow control will first determine if there are 

1 0 more data to stream 680. If there are no more data to stream, the data stream could be 

completed and the client connection will be closed 690. If there is more data to be sent, the 
data waiting in the send buffer will be encrypted 700 and those data in the send buffer will be 
sent to the client 710. 

With regard to Figure 6 at the transaction server, the client first connects to the 

1 5 transaction server, for example through a web page 800. Preferably, the transaction server will 
be implemented with ASP scripts. The client sends request URI and user information through 
ASP command-line arguments 810 and the transaction server user verification module 310 will 
determine the time limits of available tokens and display to user for selection. The transaction 
server will look up user information 820 in a database in the user verification module 310. 

20 Examples of looking up user information are whether or not a user has an account (exists 
according to the transaction server) 830. If the user does not have an account 840, a 
transaction will be opened up to create new account page and get information from the user 
840. In addition, the transaction server user verification module 3 1 0 will determine if the URI 
that was requested is free of charge 850. If the URI costs money 860, the transaction server 

25 user verification module 310 will debit a credit card that is in the user database. This process 
will create a URI in the URI creation module 320 of the transaction server. 

Once a URI is provided and either paid for or provided free, a token will be created 870 
in the token creation module 330. The token now created will be linked with the URI and a 
time limit will be selected 880. Lastly, the viewer will be started on the client machine and 

30 sent back to the client along with the URI and the created token. 
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We claim: 

1 . A streaming server for encrypting a data stream to secure the data stream to 
enable only single viewing, comprising: 

(a) a streaming server component, wherein the streaming server component comprises a 
5 client data connection module to send data packets to a client, and encryption module to use 

encryption keys negotiated with the client to encrypt the data stream and operably connected to 
the client data connection module, and a flow control module for controlling the rate of data 
stream flow to maintain a full client buffer; and 

(b) a transaction server component, wherein the transaction server component 
1 0 comprises a client interaction module for connecting a user to the transaction server 

component, a user verification module having a user database wherein the user verification 
module is operably linked to the client interaction module and checking for a valid user, and a 
URI and token creation module operably linked to the user verification module for creating 
new URIs and tokens in response to user requests. 
15 2. The streaming server of claim 1 , wherein the streaming server component 

further comprises a read buffer module operable connected with the flow control module for 
reading in data from a source footage on storage medium. 

3 . The streaming server of claim 1 , wherein the streaming server component 
further comprises a user interface module operably connected to the file system module or flow 

20 control module for setting server options. 

4. The streaming server of claim 1 , wherein the streaming server further comprises 
a client server component comprising a data stream control protocol module to create an initial 
connection to the streaming server component, a decryption module to decrypt the incoming 
data stream, an input buffer module to buffer incoming data streams, and a display control 

25 module to control the display of streaming data. 

5. The streaming server of claim 4, wherein the client server component further 
comprises a display module to display audio and video data. 

6. A process for encrypting a data stream to secure the data stream to enable only 
single viewing, comprising: 

30 (a) providing a client selection for a streaming data transmission; 

(b) opening a connection to a streaming server and sending URI, token and user 
information to the streaming server, wherein the streaming server comprises a client data 
connection module to send data packets to a client, and encryption module to use encryption 
keys negotiated with the client to encrypt the data stream and operably connected to the client 

35 data connection module, and a flow control module for controlling the rate of data stream flow 
to maintain a full client buffer; 

(c) approving or disapproving a valid or invalid, respectively, URI and token 
combination on a transaction server, wherein the transaction server comprises a client 
interaction module for connecting a user to the transaction server component, a user 

10 



WO 01/35571 



PCTYUS00/30899 



verification module having a user database wherein the user verification module is operably 
linked to the client interaction module and checking for a valid user, and a URI and token 
creation module operably linked to the user verification module for creating new URJs and 
tokens in response to user requests; and 

(d) providing a continuously encrypted data stream to the client if a valid URI and 
token combination was found. 

7. The process of claim 6 wherein the streaming server further comprises a read 
buffer module operable connected with the flow control module for reading in data from a 
source footage on storage medium. 

8. The process of claim 6 wherein the streaming server further comprises a user 
interface module operably connected to the file system module or flow control module for 
setting server options. 

9. The process of claim 6 wherein the streaming server further comprises a client 
server component comprising a data stream control protocol module to create an initial 
connection to the streaming server component, a decryption module to decrypt the incoming 
data stream, an input buffer module to buffer incoming data streams, and a display control 
module to control the display of streaming data. 

10. The process of claim 9 wherein tne client server component further comprises a 
display module to display audio and video data. 

1 1 . The process of claim 6 wherein the providing the continuously encrypted data 
stream step (d) further comprises a user interface module in the streaming server to allow for 
pausing, stopping, playing or restarting the data stream. 

12. The process of claim 6 wherein the transaction server is implemented with ASP 
scripts for encryption. 
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